Solved

GP makes XP logon slow-a question beyond the usual solution

Posted on 2004-04-27
5
170 Views
Last Modified: 2010-04-19
It is known that set "computer\administrative template\systems\logon\always wait for the network at computer startup and logon" to enable solves the slow logon problem most of the times. The question is what really slows down the computer startup. The userenv debug log did not give me much insights, so I began to reverse settings in the offending GPO appled to an ou containing the computer and, not long, found "computer\windows settings\security settings\file system" is the culprit. When I delete all the file system objects there, the startup of the computer is normal with the "....wait for the network..." set to disable. My guess is someone who really knows MS file system DACL and SACL can most likely provide some insight.

Any help is appreciated.

0
Comment
Question by:karlour
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 16

Expert Comment

by:JamesDS
ID: 10937420
karlour
When you set an ACL from a GPO in that way, it effectively wipes the existing rights and re-applies an ACL from the root down (or wherever you started from) every time the GPO is run.

If there is a large number of files and folders in the area being ACl'd then the ACL will take a long time to apply and hence delay startup.

I suggest you run this ACL at server build time, not during execution of a GPO

Cheers

JamesDS
0
 

Author Comment

by:karlour
ID: 10939368
JamesDS:

Thank you for the input. In my test, even with one entry in that container will cause the system to delay at the boot. Though I understand that every file and folder down that directory tree will be affected, I believe these chnages are mostly bit switch changes. I suspect the system is waiting for something rather than busy applying ACLs.

Regards,

0
 
LVL 16

Accepted Solution

by:
JamesDS earned 125 total points
ID: 10941815
karlour
It is possible that the ACL isn't actually being applied and the GPO is simply timing out. Typical timeout settings are 60 seconds on a GPO. You should check that permissions are actually being applied.

I wouldn't say an ACL is simply a bitswitch change as each ACE is re-written in RAM, re-ordered correctly into an ACL and then the changes are committed to the NTFS - for every object being affected. This is not a quick process in comparision to other type of GPO Processing.

Cheers

JamesDS
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
idle mapped drive 10 71
Moving RDP Server to New Server. 3 77
NTP time source for DC 3 86
Windows 2003 Web server - authentication required message 3 42
Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question